package com.jlu.springsecurity.service.impl;

import com.jlu.springsecurity.service.MyService;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

@Service
public class MyServiceImpl implements MyService {
  @Override
  public boolean hasPermission(HttpServletRequest request, Authentication authentication) {

    Object user = authentication.getPrincipal();
    if (user instanceof UserDetails){
      UserDetails userDetails = (User)user;
      Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
      return authorities.contains(new SimpleGrantedAuthority(request.getRequestURI()));
    }
    return false;
  }
}
